T-Mobile US does not store customer passwords in plain text


This week, T-Mobile Austria admitted that it stores part of customer passwords in plain text. “The customer service agents see the first four characters of your password. We store the whole password, because you need it for the login for mein.t-mobile.at”, a T-Mo Austria rep explained. Many T-Mobile US customers are wondering if their carrier does the same thing, but T-Mo says that it does not.

T-Mobile US tells me that it does not store passwords in plain text. “T-Mobile US applies strong security controls to customer passwords or PIN codes,” T-Mo told me in an e-mailed statement. “T-Mobile US customer care representatives cannot see passwords, and we do not store passwords in plain text.” T-Mo went on to confirm that it does not store any part of a customer’s password in plain text.

T-Mobile CEO John Legere echoed that statement on Twitter:

While T-Mobile Austria has touted that it has “amazingly good” security, it can still be unsettling for customers to know that even part of their passwords are being stored in plain text. Customers’ accounts store a lot of sensitive data, and so if a breach were to happen, it would be a big deal for those customers. The good news is that T-Mobile US customers now know that their passwords are secure.

Thanks, Ricardo!

More info: Motherboard, T-Mobile Austria (Twitter)

Tags: ,

  • Brant

    by not “plaintext”, does the CEO mean a digest/hash, or reversible encryption (which for security purposes, is about as insecure as plaintext)

    • Good

      Tmous isn’t dumb, had to be hashed

      • William Moore

        I wish that were the case. They store passwords in an encrypted form that can be reversed. The last time I clicked “lost my password” they sent it to me via SMS instead of forcing choice of a new one via a reset page.

        • Adam

          Even Ashley Madison didn’t do that.

  • steveb944

    Ouch, shocking they use plain text.

  • Sean sorlie

    I hope people understand that T-Mobile US is a totally different company…